Troubleshooting the RollAlternateServiceAccountCredential.ps1 Script
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
This topic provides solutions and information about common errors that may occur when you use the RollAlternateServiceAccountPassword.ps1 script.
When you use the parameters ToEntireForest or ToArrayMembers with the script, in some instances, one or more of the Client Access servers may not be updated.
Verify the servers the script will target all required servers by using the Get-ClientAccessArray cmdlet, as shown in the following example.
Get-ClientAccessArray | fl members
If the server that's failing to update is a member of the Client Access array and is still not updating correctly, rerun Exchange Setup and add the Client Access server role to the server again. You can also specify individual servers to target using the parameter ToSpecificServers.
If a server is out of rotation for a longer period of time but is still a member of the array, as determined by the Get-ClientAccessArray cmdlet, the script functionality may be impaired when using the parameters ToArrayMembers and ToEntireForest. The same problem will occur if a server has had a permanent failure but hasn't been cleanly removed from your deployment.
To resolve this issue, remove the server from your deployment using Exchange Setup or run the script in attended mode until the server can be removed.
If the server will only be down for a short time, and you don't want to permanently remove Exchange, you can adjust the script to run against specific servers using the parameter ToSpecificServers so that only active servers are targeted. Or, you can remove the RPC Client Access service from the non-responsive server’s Active Directory object by using the Remove-ClientAccessArray cmdlet, as shown in the following example.
Remove-RPCClientAccess -Server Server.Contoso.com
After the RPC Client Access service has been removed, the server won't be returned as an array member by Get-ClientAccessArray and the script won't target it. As soon as the server is functional again, you can re-add the RPC Client Access service by using the New-RpcClientAccess cmdlet. When the RPC Client Access service is re-added, be sure to restart the Microsoft Exchange Address Book service on the affected server.
|Before you remove the RPC Client Access service from a server, see the topic Remove-RpcClientAccess.|
For more information about how to use Kerberos authentication with a Client Access server array or a load-balancing solution, see the following topics: